check password script

The name of a program that can be used to check password
complexity. The password is sent to the program's standard input.

The program must return 0 on a good password, or any other value
if the password is bad.
In case the password is considered weak (the program does not return 0) the
user will be notified and the password change will fail.

In Samba AD, this script will be run AS ROOT by
samba 8
without any substitutions.

Note that starting with Samba 4.11 the following environment variables are exported to the script:

SAMBA_CPS_ACCOUNT_NAME is always present and contains the sAMAccountName of user, the is the same as the %u substitutions in the none AD DC case.
SAMBA_CPS_USER_PRINCIPAL_NAME is optional in the AD DC case if the userPrincipalName is present.
SAMBA_CPS_FULL_NAME is optional if the displayName is present.

Note: In the example directory is a sample program called crackcheck
that uses cracklib to check the password quality.

Example: /usr/local/sbin/crackcheck

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

check password script

Registry PathSoftware\Policies\Samba\smb_conf\check password script
Value Namecheck password script
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)